Disclaimer: This short guide is basically just a reminder to myself, where most of the content is based on Digital Ocean's Initial Server Setup with Ubuntu 16.04 and my own memory. There are some important steps that aren't included in this guide. If you're new to Linux or Ubuntu, I suggest that you read Digital Ocean's guide instead.
All commands in this guide (unless otherwise stated) assume you are currently logged in as root.
Add a user
We don't want to use the root user when logging in to our server, so we need to create a new user.
If you're only using keys to log in to your server (which you should), you can choose to not create a password for the new user using the
--disabled-passwordoption. Please note that you'll be unable to use
sudowith this user unless you also perform the steps in this post.
adduser <user> [--disabled-password]
Our newly created user will typically need root privileges:
usermod -aG sudo <user>
Now, if you want this user to be able to use
sudo without the need for a password, here's how to accomplish this.
Public Key Authentication
At this point we're ready to copy the public keys to the newly created user's .ssh folder. I won't cover all the details of this process in this guide. Please refer to the previously mentioned Digital Ocean guide if you're uncertain of how to do this.
We will need to set the correct permissions:
Note: These commands assume you are logged in as your newly created user.
chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
Also make sure that these files are owned by the user we just created.
Disable password authentication
On new Digital Ocean droplets, this step is usually already done when creating the droplet. Just to make sure, we'll check to see if the file
/etc/ssh/sshd_config contains the following lines and that none of them are commented out:
PasswordAuthentication no PubkeyAuthentication yes ChallengeResponseAuthentication no
If you did any changes, reload the SSH daemon:
systemctl reload sshd
Note: Try connecting to your server in a separate tab/window before disconnecting.
We need to make sure that our server doesn't expose unnecessary ports and protocols, so lets configure UFW in the most basic way possible:
ufw allow OpenSSH ufw enable
Note: At this point you should once more verify that you're able to log in to your server.
This concludes this short guide on how to perform the initial steps when creating a new Ubuntu (16.04) server.
February 12, 2018
You can verify that this post was written by me by pasting the signature into keybase.io/verify.